This repository contains some of the scripts I created to automate parts of the recon process.
It does the following:
- Get subdomains of a domain
- Filter out only online domains
- Scan the domains for CRLF injection
- Check for CORS misconfigurations
- Test for open redirects
- Grab sensitive headers
- Get sensitive info from error pages
- Check for subdomain takeovers
- Screenshot all domains
- Check if sites run WordPress
- Start a WPScan on the WordPress sites
- Do an Nmap service scan

More tools are coming soon / in progress.

All output is saved in a folder named after the domain, inside the output folder.
In this folder it creates files with the discovered content.

git clone https://github.com/003random/003Recon.git; cd 003Recon; ./install.sh; # Or if you have some tools already installed, edit the paths in recon.sh and comment those tools out here.

And then call it with: